Message-Id: <20250724153044.149890-1-kevinpaul468@gmail.com>
Date: Thu, 24 Jul 2025 21:00:44 +0530
From: Kevin Paul Reddy Janagari <kevinpaul468@...il.com>
To: tytso@....edu
Cc: adilger.kernel@...ger.ca,
linux-ext4@...r.kernel.org,
linux-kernel@...r.kernel.org,
kevinpaul468@...il.com
Subject: [PATCH] ext4: prevent module unload while filesystem is in use

Prevent an attempt to unload the ext4 module while the fs is still actively
mounted by adding a check before exit.

The crash occurs because ext4_inode_cache still contains objects
in use when kmem_cache_destroy is called.

This is a log of the bug produced by crepro given by a local syzkaller:

[ 301.647795] BUG ext4_inode_cache (Tainted: G R ): Objects remaining on __kmem_cache_shutdown()
[ 301.652120] -----------------------------------------------------------
[ 301.652120]
[ 301.653366] Object 0xffff88800ec88008 @offset=8
[ 301.653877] Allocated in ext4_alloc_inode+0x27/0x1a0 [ext4] age=46055 cpu=0 pid=616
[ 301.655766] ext4_alloc_inode+0x27/0x1a0 [ext4]
[ 301.657063] alloc_inode+0x2b/0x120
[ 301.657570] iget_locked+0x1ae/0x3e0
[ 301.658137] __ext4_iget+0x243/0x1af0 [ext4]
[ 301.659197] ext4_lookup+0x1b5/0x3e0 [ext4]
[ 301.660784] __lookup_slow+0xd1/0x1f0
[ 301.661575] walk_component+0x1a7/0x250
[ 301.662411] path_lookupat+0x9a/0x2f0
[ 301.663179] filename_lookup+0x14e/0x2e0
[ 301.663947] vfs_statx+0xb9/0x240
[ 301.664622] __do_sys_newstat+0x62/0xd0
[ 301.665376] do_syscall_64+0x80/0x2c0
[ 301.666091] entry_SYSCALL_64_after_hwframe+0x76/0x7e
Was not able to reproduce on my host system
Tested in a Qemu instance
Signed-off-by: Kevin Paul Reddy Janagari <kevinpaul468@...il.com>
---
fs/ext4/super.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index c7d39da7e733..c6c77369a252 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -7480,8 +7480,24 @@ static int __init ext4_init_fs(void)
return err;
}
+static void ext4_busy_check(struct super_block *sb, void *data)
+{
+ int *is_busy = data;
+ *is_busy = 1;
+}
+
static void __exit ext4_exit_fs(void)
{
+
+ int is_busy = 0;
+
+ iterate_supers_type(&ext4_fs_type, ext4_busy_check, &is_busy);
+
+ if (is_busy) {
+ pr_warn("ext4: Cannot unload module, filesystem is still in use.\n");
+ return;
+ }
+
ext4_destroy_lazyinit_thread();
unregister_as_ext2();
unregister_as_ext3();
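Review bot: The early `return` in ext4_exit_fs() cannot stop the unload. The function is `static void __exit`, so it has no way to report failure to the module loader, and the module is removed whether or not is_busy is set. With this change the busy case skips ext4_destroy_lazyinit_thread(), unregister_as_ext2(), unregister_as_ext3() and everything after them in the function, which leaves ext4_fs_type and the ext4 slab caches live with pointers into module memory that is about to be freed. That turns the reported slab warning into a use-after-free risk. A mounted filesystem normally pins its module through the module reference count, and the "Tainted: G R" flag in the posted log indicates a forced unload, which bypasses that protection by design; I would drop the check rather than guard the exit path. Smaller points if the check is kept in some form: remove the blank line after the opening brace of ext4_exit_fs(), and note in a comment that ext4_busy_check() ignores `sb` and only records that at least one superblock exists.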
--
2.39.5